Polluting Storm

Dark Reading recently had an article about our work on Storm Worm entitled "Researchers Infiltrate and 'Pollute' Storm Botnet" (also featured on /.). The article quotes Jose Nazario:
"This has been a taboo subject of exploration, as people do not want to mess with other peoples' PCs by injecting commands," he says.

Just to clarify: we did not inject commands into Storm Worm, but just interfered with the communication process as explained in our LEET'08 paper. No commands were executed on an infected machine; we just injected packets into the communication process in order to stop the C&C channel. In practice, this does not affect an infected machine: no extra network packets or CPU cycles are used on an infected machine.

Slashdot also covered our work a few days ago: Storm Dismantled at USENIX LEET Workshop.
